All times shown according to UTC.
Time | Nick | Message |
---|---|---|
00:07 | mbridge joined #koha | |
01:07 | mbridge joined #koha | |
02:07 | mbridge joined #koha | |
03:07 | mbridge joined #koha | |
04:07 | mbridge joined #koha | |
05:07 | mbridge joined #koha | |
06:07 | mbridge joined #koha | |
06:09 | mbridge | [mattermost] <dcook> When you say the application is FIPS compliant, which application are you referring to? |
06:09 | [mattermost] <dcook> I am familiar with OAuth2. Koha's implementation of it for the API is not great, especially in terms of scopes. It's better than HTTP Basic Auth for authentication with the API, but it does nothing for authorization in this case. Authorization is really the bit I'm most concerned about. | |
06:09 | [mattermost] <dcook> "SQL Injection Prevention": which code is processing the queries? Are you fetching the SQL from Koha and then having your third-party code send it directly to MySQL? | |
06:09 | [mattermost] <dcook> I am also familiar with Koha. I'm one of the top 30 contributors and have worked on it for over 12 years ;). | |
06:09 | [mattermost] <dcook> "Role-Based Access Control (RBAC)": Could you speak to this some more? Koha doesn't use RBAC. Have you customized Koha to include it or provide it at another layer? | |
06:09 | [mattermost] <dcook> "Audit Logging": That may be very well for you, but you need to consider ALL Koha users when you make changes to Koha core code. Not everyone in the world has real-time log monitoring. | |
06:09 | [mattermost] <dcook> -- | |
06:09 | [mattermost] <dcook> I thought I was clear on Bugzilla but my apologies if I wasn't clear there. I'll try to rephrase things. | |
06:09 | [mattermost] <dcook> - Consider a standard open source Koha installation with no customisations. | |
06:09 | [mattermost] <dcook> - There's a hypothetical endpoint for saved_sql | |
06:09 | [mattermost] <dcook> - An API user with the relevant "create_reports" and "delete_reports" permissions is able to create, retrieve, update, and delete reports | |
06:09 | [mattermost] <dcook> That all sounds fine to me. | |
06:09 | [mattermost] <dcook> (Note that a hypothetical "buildendpoint.pl" would need to be aware of Koha permissions, which would be very difficult to implement. That's the security nightmare to which I was referring.) | |
06:09 | [mattermost] <dcook> I am interested in where you see these SQL reports being executed. I noticed in your video that it looks like your third-party application is getting the results of the SQL query in some way. It's not clear whether Koha is running the query or if it's being directly passed to MySQL. | |
06:09 | [mattermost] <dcook> If it's being passed directly to MySQL, does the user using your third-party application have the "execute_reports" permission? | |
06:09 | [mattermost] <dcook> When you're using OAuth2 with the Koha REST API, is it based on a generic system user, or the end user on their workstation? | |
06:09 | [mattermost] <dcook> These are the kind of security questions I'm asking you to keep in mind. You don't want to accidentally allow any user of your third-party application to fetch and run SQL reports which could contain patron personal information. That would be a security problem. | |
06:09 | [mattermost] <dcook> You may have already thought of all this and addressed it, and that's great. Since you're requesting the creation of the endpoint on https://bugs.koha-community.or[…]_bug.cgi?id=37062 I think you just need to be very clear about what you have in mind. | |
06:09 | huginn` | Bug 37062: enhancement, P5 - low, ---, koha-bugs, NEW , REST API endpoint expansion for table saved_sql |
06:10 | mbridge | [mattermost] <dcook> Protecting users' personal information needs to be everyone's top priority, especially in this day and age when personal information breaches are frighteningly not uncommon. |
06:10 | [mattermost] <jpahd> Hi @dcook, I already wrote a super basic plugin so might not be as relevant anymore. | |
06:25 | alex_a joined #koha | |
06:37 | thibaud_g joined #koha | |
06:41 | reiveune joined #koha | |
06:41 | reiveune | hello |
07:07 | mbridge joined #koha | |
07:11 | alex_a joined #koha | |
07:12 | lds joined #koha | |
07:15 | saa joined #koha | |
08:07 | mbridge joined #koha | |
08:55 | thibaud_g joined #koha | |
08:56 | lds joined #koha | |
09:07 | mbridge joined #koha | |
09:21 | saa joined #koha | |
09:21 | saa | if i have to install specific version of koha 23.05.03-2 what is best way to do |
09:22 | while running apt-get install --reinstall ubuntu-gnome-desktop command it removed koha-common now to get back with koha | |
09:22 | if i run stable it will have trouble with database upgrade hence wish to try to get same version of koha back on same system | |
10:07 | mbridge joined #koha | |
10:45 | alex_a joined #koha | |
11:07 | mbridge joined #koha | |
11:22 | lds joined #koha | |
12:07 | mbridge joined #koha | |
13:07 | mbridge joined #koha | |
14:07 | mbridge joined #koha | |
15:03 | reiveune | bye |
15:03 | reiveune left #koha | |
15:07 | mbridge joined #koha | |
15:50 | mbridge | [mattermost] <gveranis> Hi, I would like to ask if anyone knows why Koha could return No item modified on a batch modification where it should change the value. Koha is running 24.05, elasticsearch 7.17 and SQL polling. |
16:04 | [mattermost] <gveranis> probably we found a bug, when trying to set an item on batchmod (edit / delete) then the itemnumber is not loaded on the checkbox value and for that reason nothing is modified | |
16:07 | mbridge joined #koha | |
16:38 | mbridge | [mattermost] <rudy.hinojosa> I'm very excited. The plugin has really simplified my initial designs. @dcook Thank you for your feedback. My application is FIPS compliant as you saw in the video. Koha executes all reports. My Windows application simply has a filewatcher object that waits for a csv file to be downloaded, and if it matches a mapped jasper report, it automatically calls the jasper report that uses the csv data. I'll be |
16:39 | [mattermost] <rudy.hinojosa> @dcook and none of this will require any code changes, or implementations to any Koha core code. I'm sorry I wasn't very clear on that. | |
17:07 | mbridge joined #koha | |
18:05 | Dyrcona joined #koha | |
18:07 | mbridge joined #koha | |
19:07 | mbridge joined #koha | |
20:07 | mbridge joined #koha | |
20:27 | davidnind | gveranis: Can you provide an example of how to replicate the behaviour you are seeing? I will then have a go at reproducing it. |
21:07 | mbridge joined #koha | |
21:10 | elkym joined #koha | |
21:28 | elkym | Anyone else here? |
21:28 | elkym left #koha | |
21:56 | mbridge | [mattermost] <gveranis> When trying to modify at least one or more items using batch mode functionality, then Koha is allowed to Save it but if you check the background process then the message is No Items modified. |
21:56 | [mattermost] <gveranis> The problem seems to be at Koha::UI::Table::Builder::Items on the function build_table where itemnumber is missing and for that reason is not loaded as a value parameter on checkbox. I will submit the patch and the test plan soon. | |
21:56 | [mattermost] <gveranis> https://bugs.koha-community.or[…]_bug.cgi?id=37084 | |
21:56 | huginn` | Bug 37084: enhancement, P5 - low, ---, koha-bugs, NEW , Batch Item modification not modify items after save |
22:07 | mbridge joined #koha | |
23:07 | mbridge joined #koha |